package com.netease.sloth.flink.connector.filesystem.table.meta;

import com.netease.sloth.flink.connector.filesystem.hdfs.util.SlothFileUtil;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.io.UncheckedIOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.Callable;
import java.util.function.Supplier;
import javax.security.auth.Subject;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.retry.RetryNTimes;
import org.apache.flink.shaded.guava18.com.google.common.base.Charsets;
import org.apache.flink.shaded.guava18.com.google.common.base.Preconditions;
import org.apache.flink.shaded.guava18.com.google.common.hash.Hashing;
import org.apache.flink.shaded.guava18.com.google.common.io.ByteStreams;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.krb5.Config;
import sun.security.krb5.KrbException;

/* loaded from: input_file:com/netease/sloth/flink/connector/filesystem/table/meta/TableMetaStore.class */
public class TableMetaStore implements Serializable {
    private static final int retries = 3;
    public static final String AUTH_METHOD_KERBEROS = "KERBEROS";
    private static final String KRB_CONF_FILE_NAME = "krb5.conf";
    private static final String KEY_TAB_FILE_NAME = "krb.keytab";
    private static final String META_STORE_SITE_FILE_NAME = "hive-site.xml";
    private static final String HADOOP_USER_PROPERTY = "HADOOP_USER_NAME";
    private static final String KRB5_CONF_PROPERTY = "java.security.krb5.conf";
    private static final String METASTOREURIS = "hive.metastore.uris";
    private static final String METASTORE_ZOOKEEPER_QUORUM = "hive.metastore.zookeeper.quorum";
    private static final String METASTORE_ZOOKEEPER_NAMESPACE = "hive.metastore.zookeeper.product.namespace";
    private final byte[] metaStoreSite;
    private final byte[] hdfsSite;
    private final byte[] coreSite;
    private final String authMethod;
    private final String hadoopUsername;
    private final byte[] krbKeyTab;
    private final byte[] krbConf;
    private final String krbPrincipal;
    private SerializableConfiguration hadoopConf;
    private transient UserGroupInformation ugi;
    private transient Path confCachePath;
    private final String compression;
    private boolean withoutHive;
    private static final Logger LOG = LoggerFactory.getLogger(TableMetaStore.class);
    private static final Object lock = new Object();
    public static final String AUTH_METHOD_SIMPLE = "SIMPLE";
    public static final TableMetaStore EMPTY = new TableMetaStore(new byte[0], new byte[0], new byte[0], AUTH_METHOD_SIMPLE, "", new byte[0], new byte[0], "", "") { // from class: com.netease.sloth.flink.connector.filesystem.table.meta.TableMetaStore.1
        @Override // com.netease.sloth.flink.connector.filesystem.table.meta.TableMetaStore
        public synchronized Configuration getConfiguration() {
            return new Configuration();
        }
    };

    /* loaded from: input_file:com/netease/sloth/flink/connector/filesystem/table/meta/TableMetaStore$Builder.class */
    public static class Builder {
        private byte[] metaStoreSite;
        private byte[] hdfsSite;
        private byte[] coreSite;
        private String authMethod;
        private String hadoopUsername;
        private byte[] krbKeyTab;
        private byte[] krbConf;
        private String krbPrincipal;
        private String compression;

        public Builder withMetaStoreSitePath(String str) {
            this.metaStoreSite = readBytesFromFile(str);
            return this;
        }

        public Builder withMetaStoreSite(byte[] bArr) {
            this.metaStoreSite = bArr;
            return this;
        }

        public Builder withHdfsSitePath(String str) {
            this.hdfsSite = readBytesFromFile(str);
            return this;
        }

        public Builder withHdfsSite(byte[] bArr) {
            this.hdfsSite = bArr;
            return this;
        }

        public Builder withCoreSitePath(String str) {
            this.coreSite = readBytesFromFile(str);
            return this;
        }

        public Builder withCoreSite(byte[] bArr) {
            this.coreSite = bArr;
            return this;
        }

        public Builder withCompression(String str) {
            this.compression = str;
            return this;
        }

        public Builder withSimpleAuth(String str) {
            this.authMethod = TableMetaStore.AUTH_METHOD_SIMPLE;
            this.hadoopUsername = str;
            return this;
        }

        public Builder withKrbAuth(String str, String str2, String str3) {
            this.authMethod = TableMetaStore.AUTH_METHOD_KERBEROS;
            this.krbKeyTab = readBytesFromFile(str);
            this.krbConf = readBytesFromFile(str2);
            this.krbPrincipal = str3;
            return this;
        }

        public Builder withKrbAuth(byte[] bArr, byte[] bArr2, String str) {
            this.authMethod = TableMetaStore.AUTH_METHOD_KERBEROS;
            this.krbKeyTab = bArr;
            this.krbConf = bArr2;
            this.krbPrincipal = str;
            return this;
        }

        public Builder withAuth(String str, String str2, byte[] bArr, byte[] bArr2, String str3) {
            this.authMethod = str;
            this.hadoopUsername = str2;
            this.krbKeyTab = bArr;
            this.krbConf = bArr2;
            this.krbPrincipal = str3;
            return this;
        }

        private byte[] readBytesFromFile(String str) {
            try {
                return SlothFileUtil.toByteArray(new FileInputStream(str));
            } catch (IOException e) {
                throw new UncheckedIOException("Read config failed:" + str, e);
            }
        }

        public TableMetaStore build() {
            Preconditions.checkNotNull(this.hdfsSite);
            Preconditions.checkNotNull(this.coreSite);
            if (TableMetaStore.AUTH_METHOD_SIMPLE.equals(this.authMethod)) {
                Preconditions.checkNotNull(this.hadoopUsername);
            } else {
                if (!TableMetaStore.AUTH_METHOD_KERBEROS.equals(this.authMethod)) {
                    throw new IllegalArgumentException("Unsupported auth method:" + this.authMethod);
                }
                Preconditions.checkNotNull(this.krbConf);
                Preconditions.checkNotNull(this.krbKeyTab);
                Preconditions.checkNotNull(this.krbPrincipal);
                TableMetaStore.LOG.info("krbConf: " + new String(this.krbConf));
                TableMetaStore.LOG.info("coreSite: " + new String(this.coreSite));
                TableMetaStore.LOG.info("hdfsSite: " + new String(this.hdfsSite));
            }
            return new TableMetaStore(this.metaStoreSite, this.hdfsSite, this.coreSite, this.authMethod, this.hadoopUsername, this.krbKeyTab, this.krbConf, this.krbPrincipal, this.compression);
        }
    }

    /* loaded from: input_file:com/netease/sloth/flink/connector/filesystem/table/meta/TableMetaStore$TableMetaStoreFuture.class */
    public static class TableMetaStoreFuture<T> implements Supplier<T> {
        private final TableMetaStore tableMetaStore;
        private final Callable<T> callable;

        public TableMetaStoreFuture(TableMetaStore tableMetaStore, Callable<T> callable) {
            this.tableMetaStore = tableMetaStore;
            this.callable = callable;
        }

        @Override // java.util.function.Supplier
        public T get() {
            return (T) this.tableMetaStore.doAs(this.callable);
        }
    }

    public static Builder builder() {
        return new Builder();
    }

    private TableMetaStore(byte[] bArr, byte[] bArr2, byte[] bArr3, String str, String str2, byte[] bArr4, byte[] bArr5, String str3, String str4) {
        Preconditions.checkArgument(AUTH_METHOD_SIMPLE.equals(str) || AUTH_METHOD_KERBEROS.equals(str), "Error auth method:%s", new Object[]{str});
        this.metaStoreSite = bArr;
        this.hdfsSite = bArr2;
        this.coreSite = bArr3;
        this.authMethod = str;
        this.hadoopUsername = str2;
        this.krbKeyTab = bArr4;
        this.krbConf = bArr5;
        this.krbPrincipal = str3;
        this.compression = str4;
    }

    public byte[] getMetaStoreSite() {
        return this.metaStoreSite;
    }

    public byte[] getHdfsSite() {
        return this.hdfsSite;
    }

    public byte[] getCoreSite() {
        return this.coreSite;
    }

    public byte[] getKrbKeyTab() {
        return this.krbKeyTab;
    }

    public byte[] getKrbConf() {
        return this.krbConf;
    }

    public String getKrbPrincipal() {
        return this.krbPrincipal;
    }

    public Optional<String> getKrbPrincipalOptional() {
        return StringUtils.isBlank(this.krbPrincipal) ? Optional.empty() : Optional.of(this.krbPrincipal);
    }

    public String getAuthMethod() {
        return this.authMethod;
    }

    public String getHadoopUsername() {
        return this.hadoopUsername;
    }

    public String getCompression() {
        return this.compression;
    }

    public synchronized Configuration getConfiguration() {
        if (this.hadoopConf == null) {
            Configuration buildConfiguration = buildConfiguration(this);
            initHiveSiteConf(buildConfiguration);
            this.hadoopConf = new SerializableConfiguration(buildConfiguration);
        }
        return this.hadoopConf.get();
    }

    public <T> T doAs(Callable<T> callable) {
        try {
            T t = (T) ((UserGroupInformation) Objects.requireNonNull(getUGI())).doAs(() -> {
                try {
                    return callable.call();
                } catch (Throwable th) {
                    throw new RuntimeException("run with ugi doAs request failed.", th);
                }
            });
            UserGroupInformation.reset();
            return t;
        } catch (Throwable th) {
            UserGroupInformation.reset();
            throw th;
        }
    }

    public <T> T doAsWithException(Callable<T> callable) throws IOException, InterruptedException {
        try {
            UserGroupInformation userGroupInformation = (UserGroupInformation) Objects.requireNonNull(getUGI());
            callable.getClass();
            T t = (T) userGroupInformation.doAs(callable::call);
            UserGroupInformation.reset();
            return t;
        } catch (Throwable th) {
            UserGroupInformation.reset();
            throw th;
        }
    }

    public synchronized UserGroupInformation getUGI() {
        if (this.ugi == null) {
            try {
                if (AUTH_METHOD_SIMPLE.equals(this.authMethod)) {
                    UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
                    if (currentUser != null && currentUser.getAuthenticationMethod().equals(UserGroupInformation.AuthenticationMethod.valueOf(this.authMethod)) && currentUser.getUserName().equals(this.hadoopUsername)) {
                        this.ugi = currentUser;
                    } else {
                        System.setProperty(HADOOP_USER_PROPERTY, this.hadoopUsername);
                        UserGroupInformation.setConfiguration(getConfiguration());
                        UserGroupInformation.loginUserFromSubject((Subject) null);
                        this.ugi = UserGroupInformation.getLoginUser();
                    }
                } else if (AUTH_METHOD_KERBEROS.equals(this.authMethod)) {
                    if (this.confCachePath == null) {
                        this.confCachePath = generateKrbConfPath();
                        if (!this.confCachePath.toFile().exists()) {
                            this.confCachePath.toFile().mkdirs();
                        }
                    }
                    String saveConfInPath = saveConfInPath(this.confCachePath, KRB_CONF_FILE_NAME, this.krbConf);
                    String saveConfInPath2 = saveConfInPath(this.confCachePath, "krb.keytab", this.krbKeyTab);
                    System.clearProperty(HADOOP_USER_PROPERTY);
                    System.setProperty(KRB5_CONF_PROPERTY, saveConfInPath);
                    getConfiguration().set("yarn.resourcemanager.principal", this.krbPrincipal);
                    Config.refresh();
                    UserGroupInformation.setConfiguration(getConfiguration());
                    this.ugi = login(this.krbPrincipal, saveConfInPath2);
                    LOG.info("return login kerberos from {}, {}, isSecurityEnabled:{}.", new Object[]{this.krbPrincipal, saveConfInPath2, Boolean.valueOf(UserGroupInformation.isSecurityEnabled())});
                }
            } catch (IOException | KrbException e) {
                throw new RuntimeException("Fail to init user group information", e);
            }
        } else {
            if (AUTH_METHOD_KERBEROS.equals(this.authMethod)) {
                try {
                    this.ugi.checkTGTAndReloginFromKeytab();
                } catch (IOException e2) {
                    throw new RuntimeException("Relogin from keytab failed", e2);
                }
            }
            UserGroupInformation.setConfiguration(getConfiguration());
            LOG.info("return ugi {}, isSecurityEnabled:{}.", this.ugi.getUserName(), Boolean.valueOf(UserGroupInformation.isSecurityEnabled()));
        }
        return this.ugi;
    }

    private UserGroupInformation login(String str, String str2) throws IOException {
        int i;
        int i2 = 0;
        while (true) {
            int i3 = i2;
            i2++;
            if (i3 >= retries) {
                throw new RuntimeException(String.format("after login failed %s times, throw runtime exception.", Integer.valueOf(retries)));
            }
            try {
                this.ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(str, str2);
                return this.ugi;
            } finally {
                if (i2 == i) {
                }
            }
        }
    }

    private synchronized Optional<Configuration> initHiveSiteConf(Configuration configuration) {
        Optional<URL> hiveSiteLocation = getHiveSiteLocation();
        if (!hiveSiteLocation.isPresent()) {
            return Optional.empty();
        }
        configuration.addResource(hiveSiteLocation.get());
        String str = configuration.get(METASTOREURIS);
        if (StringUtils.isBlank(str)) {
            try {
                str = getHiveMetaStoreUris(UserGroupInformation.getCurrentUser(), configuration.get(METASTORE_ZOOKEEPER_QUORUM), configuration.get(METASTORE_ZOOKEEPER_NAMESPACE));
            } catch (Throwable th) {
                LOG.error("failed to get hive metastore uris from zk.", th);
                throw new RuntimeException(th);
            }
        }
        configuration.set(METASTOREURIS, str);
        return Optional.of(configuration);
    }

    private String getHiveMetaStoreUris(UserGroupInformation userGroupInformation, String str, String str2) throws IOException, InterruptedException {
        if (StringUtils.isNotBlank(str)) {
            return (String) userGroupInformation.doAs(() -> {
                CuratorFramework build = CuratorFrameworkFactory.builder().connectString(str).namespace("hive_base").retryPolicy(new RetryNTimes(1, 1)).build();
                Throwable th = null;
                try {
                    try {
                        build.start();
                        List<String> list = (List) build.getChildren().forPath("/namespaces/" + str2 + "/uris");
                        ArrayList arrayList = new ArrayList();
                        for (String str3 : list) {
                            if (!"superuser".equals(str3)) {
                                arrayList.add(new URI(new String(Base64.decodeBase64(str3))));
                            }
                        }
                        String join = StringUtils.join(arrayList, ",");
                        if (build != null) {
                            if (0 != 0) {
                                try {
                                    build.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                build.close();
                            }
                        }
                        return join;
                    } finally {
                    }
                } catch (Throwable th3) {
                    if (build != null) {
                        if (th != null) {
                            try {
                                build.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            build.close();
                        }
                    }
                    throw th3;
                }
            });
        }
        throw new RuntimeException(String.format("can't fetch %s zk, because %s property is blank", METASTOREURIS, METASTORE_ZOOKEEPER_QUORUM));
    }

    public synchronized Optional<URL> getHiveSiteLocation() {
        try {
            if (this.confCachePath == null) {
                this.confCachePath = generateKrbConfPath();
                if (!this.confCachePath.toFile().exists()) {
                    this.confCachePath.toFile().mkdirs();
                }
            }
            if (ArrayUtils.isEmpty(this.metaStoreSite)) {
                return Optional.empty();
            }
            Path path = Paths.get(this.confCachePath.toAbsolutePath().toString(), META_STORE_SITE_FILE_NAME);
            if (!path.toFile().exists()) {
                path = Paths.get(saveConfInPath(this.confCachePath, META_STORE_SITE_FILE_NAME, this.metaStoreSite), new String[0]);
            }
            return Optional.of(new org.apache.hadoop.fs.Path("file://" + new org.apache.hadoop.fs.Path(path.toAbsolutePath().toString()).toUri().toString()).toUri().toURL());
        } catch (MalformedURLException e) {
            throw new RuntimeException("Fail to generate hive site location", e);
        }
    }

    private Path generateKrbConfPath() {
        return Paths.get(String.format("%s/%s/%s", Paths.get("", new String[0]).toAbsolutePath().toString(), "arctic_krb_conf", md5()), new String[0]);
    }

    private String saveConfInPath(Path path, String str, byte[] bArr) {
        String format = String.format("%s/%s", path.toString(), str);
        String name = Thread.currentThread().getName();
        synchronized (lock) {
            if (Paths.get(format, new String[0]).toFile().exists()) {
                LOG.info("{} {} is exists.", name, format);
            } else {
                LOG.info("{} do copy {}.", name, format);
                try {
                    FileOutputStream fileOutputStream = new FileOutputStream(format);
                    Throwable th = null;
                    try {
                        ByteStreams.copy(new ByteArrayInputStream(bArr), fileOutputStream);
                        LOG.info("{} finish copy.", name);
                        if (fileOutputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileOutputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                fileOutputStream.close();
                            }
                        }
                    } catch (Throwable th3) {
                        if (fileOutputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileOutputStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                fileOutputStream.close();
                            }
                        }
                        throw th3;
                    }
                } catch (IOException e) {
                    throw new UncheckedIOException("Fail to save conf files in work space", e);
                }
            }
        }
        return format;
    }

    private static Configuration buildConfiguration(TableMetaStore tableMetaStore) {
        Configuration configuration = new Configuration(false);
        configuration.addResource(new ByteArrayInputStream(tableMetaStore.getCoreSite()));
        configuration.addResource(new ByteArrayInputStream(tableMetaStore.getHdfsSite()));
        configuration.get("fs.defaultFS");
        return configuration;
    }

    public boolean isAuthMethodKerberos() {
        return AUTH_METHOD_KERBEROS.equals(this.authMethod);
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        TableMetaStore tableMetaStore = (TableMetaStore) obj;
        return Arrays.equals(this.metaStoreSite, tableMetaStore.metaStoreSite) && Arrays.equals(this.hdfsSite, tableMetaStore.hdfsSite) && Arrays.equals(this.coreSite, tableMetaStore.coreSite) && Objects.equals(this.authMethod, tableMetaStore.authMethod) && Objects.equals(this.hadoopUsername, tableMetaStore.hadoopUsername) && Arrays.equals(this.krbKeyTab, tableMetaStore.krbKeyTab) && Arrays.equals(this.krbConf, tableMetaStore.krbConf) && Objects.equals(this.krbPrincipal, tableMetaStore.krbPrincipal);
    }

    public int hashCode() {
        return (31 * ((31 * ((31 * ((31 * ((31 * Objects.hash(this.authMethod, this.hadoopUsername, this.krbPrincipal)) + Arrays.hashCode(this.metaStoreSite))) + Arrays.hashCode(this.hdfsSite))) + Arrays.hashCode(this.coreSite))) + Arrays.hashCode(this.krbKeyTab))) + Arrays.hashCode(this.krbConf);
    }

    private String md5() {
        return Hashing.md5().newHasher().putString("tableMetaStore:" + base64(getHdfsSite()) + base64(getCoreSite()) + base64(getMetaStoreSite()) + base64(getKrbConf()) + base64(getKrbKeyTab()) + getKrbPrincipal(), Charsets.UTF_8).hash().toString();
    }

    private String base64(byte[] bArr) {
        return bArr == null ? "" : java.util.Base64.getEncoder().encodeToString(bArr);
    }
}
